2014年4月22日火曜日

22日 火曜日、先勝


+ HPSBMU03018 rev.1 - HP Software Asset Manager running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260505-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03017 rev.1 - HP Software Connect-IT running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260456-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ HPSBMU03019 rev.1 - HP Software UCMDB Browser and Configuration Manager running OpenSSL, Remote Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260353-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks
http://www.securitytracker.com/id/1030128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1517

+ REMOTE: Adobe Flash Player Regular Expression Heap Overflow
http://www.exploit-db.com/exploits/32959

+ SA57862 Linux Kernel "ping_init_sock()" Reference Count Denial of Service Vulnerability
http://secunia.com/advisories/57862/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2851

+ SA57911 Oracle Multiple Products OpenSSL Heartbeat Two Information Disclosure Vulnerabilities
http://secunia.com/advisories/57911/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

+ Bugzilla CVE-2014-1517 Cross Site Request Forgery Vulnerability
http://www.securityfocus.com/bid/66984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1517

+ Cybozu Remote Service Manager CVE-2014-1983 Denial of Service Vulnerability
http://www.securityfocus.com/bid/66983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1983

+ Cybozu Remote Service Manager CVE-2014-1984 Session Fixation Vulnerability
http://www.securityfocus.com/bid/66982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1984

Advisory: Critical vulnerability found in OpenSSL affecting Sophos products
http://www.sophos.com/en-us/support/knowledgebase/120854.aspx

国内でもOpenSSL「心臓出血」が悪用、三菱UFJニコスから894人の情報流出か
http://itpro.nikkeibp.co.jp/article/NEWS/20140421/551884/?ST=security

オバマケアのWebサイトがパスワードリセット、Heartbleed対策で
http://itpro.nikkeibp.co.jp/article/NEWS/20140421/551822/?ST=security

VU#622950 Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed
http://www.kb.cert.org/vuls/id/622950

0 件のコメント:

コメントを投稿